> > Well, why not make it a /boot/loader.conf settable sysctl, so while the > system is running, it is "read only", and only settable on boot. > > Is there a flaw in that thinking? It should be great and easily maintainable for sys admins. But I don't know ipfilter maintainer's point of view :) clem